4 Replies
      Latest reply on Mar 1, 2017 2:35 AM by eskimo
      yu153 Level 1 (0 points)

        My app has an RSA private key

        • Re: how to protect my rsa private key?
          yu153 Level 1 (0 points)

          I use the key to encrypt my data; my code is as follows:

          privatekey = "M....

          but is it possible for a hacker to get the key by reverse engineering?

          If so, how to protect it?

            • Re: how to protect my rsa private key?
              eskimo Apple Staff (13,895 points)

              but is it possible for a hacker to get the key by reverse engineering?

              Of course.  If you embed a secret within your app, it’s always possible for someone to extract that secret.  What you're asking for here is effectively a DRM scheme (you want to give something to the user but only allow them to use it in some specific way) and, as we all know, 100% secure DRM is impossible.

              You can, however, take reasonable steps to obfuscate data like this.  There’s a thread on the old DevForums where I describe one approach that I think strikes a reasonable balance between coding time and security.

              However, my general recommendation is that you avoid getting into this situation by not embedding secrets in your app in the first place.  For example, rather than try to authenticate your app, you should authenticate users.  That has two key advantages:

              • Your security is not dependent on one single key; there’s a key per user.

              • If a key leaks, you know who was responsible and can take steps from there.

              Share and Enjoy

              Quinn “The Eskimo!”
              Apple Developer Relations, Developer Technical Support, Core OS/Hardware
              let myEmail = "eskimo" + "1" + "@apple.com"

                • Re: how to protect my rsa private key?
                  yu153 Level 1 (0 points)

                  Thanks, I have authenticated users, but sometimes we have to encrypt something with RSA, I have to save the private key in my app. You say: "There’s a thread on the old DevForums where I describe one approach that I think strikes a reasonable balance between coding time and security."

                  But when I click thread, it linked to a wrong web page. May you give me the right link address? Thanks very much!

                    • Re: how to protect my rsa private key?
                      eskimo Apple Staff (13,895 points)

                      may you give me the right link address?

                      The link is correct.  I suspect the problem here is access control; access to the old DevForums site is more restricted than access to this site.

                      Anyway, I don’t think that matters because of this:

                      I have authenticated users, but sometimes we have to encrypt something with RSA, I have to save the private key in my app,

                      So, you have a private key per user?  If so, you should store it in the keychain.

                      Share and Enjoy

                      Quinn “The Eskimo!”
                      Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                      let myEmail = "eskimo" + "1" + "@apple.com"
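
One way to follow the keychain advice in the last reply, as an added example (not code from the thread or from Apple): instead of a key literal compiled into the binary, each user's RSA private key is generated on the device and kept as a keychain item. The tag string `com.example.myapp.userkey.<userID>`, the function names and the 2048-bit key size are assumptions made for this sketch.

```swift
import Foundation
import Security

enum KeyStoreError: Error { case keychain(OSStatus) }

// Hypothetical tag scheme: one keychain item per user account.
func keyTag(forUser userID: String) -> Data {
    Data("com.example.myapp.userkey.\(userID)".utf8)
}

/// Looks up the user's private key in the keychain; nil means none stored yet.
func loadPrivateKey(forUser userID: String) throws -> SecKey? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: keyTag(forUser: userID),
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecReturnRef as String: true
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let ref = item else {
        throw KeyStoreError.keychain(status)
    }
    return (ref as! SecKey)
}

/// Generates an RSA key pair; kSecAttrIsPermanent stores the private key
/// in the keychain, so no key material ships inside the app bundle.
func createPrivateKey(forUser userID: String) throws -> SecKey {
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: 2048,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag(forUser: userID)
        ]
    ]
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

/// Returns the existing per-user key, creating it on first use.
func privateKey(forUser userID: String) throws -> SecKey {
    if let existing = try loadPrivateKey(forUser: userID) { return existing }
    return try createPrivateKey(forUser: userID)
}
```

The matching public key is available through `SecKeyCopyPublicKey`, so only the public half ever needs to leave the device.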